After making headlines by targeting a number of healthcare organizations over the summer, the cybercriminal actor known as TheDarkOverlord re-emerged last week with a new victim: California investment bank WestPark Capital. As we noted in last week’s cyber risk roundup, the leak of documents from WestPark Capital is the first time SurfWatch threat analysts have observed TheDarkOverlord targeting… Read More

What’s Everyone Talking About? Trending Cybercrime Events Yahoo was the week’s top trending cybercrime target as the fallout of a breach affecting more than 500 million accounts continues to play out. CEO Marissa Mayer has faced intense scrutiny from lawmakers and others over the handling of the company’s cybersecurity. A Wednesday New York Times article… Read More

Despite recent media attention surrounding nation-state hackers infiltrating government organizations and attempting to influence elections, the bulk of government-related cybercrime tends to be driven by less sophisticated and more ideologically-motivated campaigns carried out by hacktivist actors, according to a new report from SurfWatch Labs. Government is the third most active sector when it comes to cybercrime, behind only information… Read More

Effective cyber threat intelligence is largely about gaining proper context around the risks facing your organization. As SurfWatch Labs chief security strategist Adam Meyer recently wrote, there are three pillars when it comes to evaluating those cyber threats: capability, intent and opportunity. The first two, the capability and intent of threat actors, are mostly external aspects that you… Read More

The past week has been full of various data breach announcements that have flown mostly under the radar. One exception is the breach at the World Anti-Doping Agency (WADA). New batches of information on Olympic athletes continue to be leaked, and the Entertainment sector’s cyber risk score has steadily risen to reflect those leaks. Another… Read More

I spend my work days digging through SurfWatch Labs’ cybercrime data and writing blogs and reports on the latest cyber threat intelligence trends, so it should come as no surprise that among my friends and family, I’ve become the “cybersecurity guy.” In fact, many of those same people in my personal life would be happy to shove… Read More

Three of this week’s top four trending industry targets centered around DDoS attacks. Linode, which made last week’s roundup over reported DDoS attacks, was targeted once again. The cloud hosting company has seen DDoS attacks throughout the month, with the latest attack coming on September 13, according to company logs. Additionally, Brian Krebs’ website was hit… Read More

Medical device company St. Jude filed a lawsuit yesterday against Muddy Waters and MedSec Holdings over a “false” report about cybersecurity issues in St. Jude’s cardiac devices. The August report caused the company’s stock to drop more than ten percent on the heels of those allegations and raised questions around a pending $25 billion deal to be acquired by Abbott Laboratories.… Read More

There’s a popular cybercrime statistic that has been vexing me for years, and if you read cybersecurity news regularly, I’m sure you’ve seen it cited a few dozen times as well: 60% of small businesses close their doors within six months of a cyber-attack. I’ve always been skeptical of that bold statistic. As Mark Twain wrote in his autobiography,… Read More

Earlier this month, Banner Health announced a data breach affecting approximately 3.7 million people. Since then, a series of class action lawsuits have been filed against the healthcare provider. The breach involved two separate attacks, Banner Health said. The first targeted payment cards used at food and beverage outlets across some Banner Health locations. The second targeted patient, insurance, and provider information. The… Read More